Collective thoughts and musings on the state of VoIP security today.

Category Archives: Cryptography

IP Softphone specialists CounterPath recently announced that they will license Phil Zimmermann’s ZRTP (Zfone) technology for use in their client products, namely eyeBeam and X-Lite, joining other publicly announced licencees Borderware, PGP Corp, Ripcord and TiVi.

As you may know, ZRTP has done very well in terms of acceptance in the last few months. Zimmermann has many friends in the security community, but also has great credentials in the open source world. ZRTP is an openly published protocol, but also is available as source code, thereby making it possible to test in all kinds of ways, not only closed-box (black box) testing but also in terms of working through the algorithm and even unit testing the code.

At the recent IETF meeting, methods of key exchange were discussed, as subscribers to the Voipsec list (from the VOIPSA site) cannot have failed to miss. The IETF have gone from a list of thirteen proposals down to a final two, and ZRTP is one of those, despite being considered by some as a latecomer.Â Many organizations and people that I have come across trust in Zimmermann and believe that ZRTP is the answer.

If we go to the opposite end of the trust scale, we find Skype.Â Poor old Skype are still getting weekly batterings from press critics on the security front.Â A lot of the same criticisms are brought up time and time again, and in fairness Skype have countered a lot of the concerns, by allowing features to be switched off, changes to the package and so on.Â We donâ€™t need to rehearse all those issues here once again.

However, the issues that keep coming up, and which Skype have not argued away are those of security by obscurity and the secrecy of the protocols they use for encryption and key exchange. Famously, Skype hired security expert Tom Berson to write a report based on a long evaluation of Skypeâ€™s security provisions, but most academics still desire transparency, and the ability to evaluate the algorithms for themselves.

Academics and commercial security experts both say that simply using a secret algorithm is no guarantee of safety. Furthermore, the fact that it is secret merely means that when someone does compromise Skype, the detection and mitigation of the problem will be slowed down or prevented. Skype at that point becomes a dangerous â€˜botâ€™ sitting behind thousands of firewalls.

What better time, then, for Skype to embrace ZRTP? Licensing ZRTP can hardly be a problem for Skype and its Ebay parent, and there is so much to gain from this. A large community of security and VoIP specialists already believe in ZRTP; the IETF likes it; commercial acceptance exists in licencees in the Softphone and Session Border Controller market. IT Managers, Iâ€™m sure, would be happier with Skype usage in the workplace if they were allowed to detect and control it, and (who knows with key escrow) in some way to log and record from it.

Come on, Skype, grab the nettle. The tools are in your hands to silence your critics.

Share this:

I previously reported that the Wired Equivalent Privacy (WEP) encryption scheme could be broken in 3 minutes.Â Now researchers have reduced this to 1 minute, the most effective attack yet.Â Visit the Bruce Schneier blog for the link to the paper in PDF format.Â It’s really time to upgrade or reconfigure that home network.

Perhaps it has been up for a while, but I just noticed today the new Zfone Project Home Page. Previously Phil Zimmermann had Zfone as a subset of his philzimmermann.com website, but now it’s off on its own sharp-looking site. There’s also news of a new beta for download as of February 9th. Kudos to Phil and his team for launching the new site and, as always, we’re definitely interested in hearing what people think (okay, at least I am).

Share this:

Dean Elwood, one of the founders of voipuser.orgÂ (a free VoIP service provider and online magazine) recently wrote an interesting article called “How To Build A Voip Network:Â 7 rules for the VoIP entrepreneur in 2007.“Â It’s a great read fromÂ someone with experience of creating value from a VoIP service, rather than the usual marketing “talking head”.Â It also raises some interesting VoIP security questions, including Session Border Controllers, Lawful Intercept, Denial of Service andÂ confidentiality.

Share this:

At the IET Secure Mobile conference last week, Dr Philip Nobles from Cranfield University in the UK spoke about the subject of wireless LAN security.Â He showed the output of a tool running on his laptop on a 40 mile train ride into London.Â He had captured a large number of WLANs on the way, of which perhaps 60% were completely unsecured.Â In addition, you could see that many were using factory default settings, for example SSIDs (LAN identifier) of ‘netgear’.Â So all these sites can be compromised in terms of network sniffing, router hijhacking and theft of bandwidth.

Dr Nobles also spoke about WEP (Wired Equivalent Privacy), the first attempt to introduce encryption to WiFi networks.Â I had known that WEP was compromised at least in an academic sense, but I was surprised that practical tools exist for breaking WEP in a very short time. “My router gave up its key in 3 minutes”, Nobles said of his own home router.

In view of this, here are a few ideas for securing your WLAN in the home or the office:

1. Use WPA encryption (WiFi Protected Access) if this is available on your router/client setup.Â If not, use WEP in preference to leaving the router ‘open’.Â Use keys (passphrases) that will not be easy to guess.

2. Most routers have an option to hide the SSID, i.e. not broadcast the name.Â This means that the clients have to know the name explicitly.Â This is is good idea to switch on, and makes you look much less interesting on the Netstumbler display.

3. Don’t use the default SSID, and it is better to use a name that will not be vulnerable to dictionary attack, and one that doesn’t hint at your physical location.

4. Similarly, set an admin password on your router, again one difficult to guess or get by dictionary attack.Â For example, at one time I used “astro0cosmo0.”

5.Â Often you can block admin logon to the router from the Internet side, which is a good idea if you don’t need to remote manage it.

6. Some routers have the facility to “lock down” access to the router by only accepting connections from specific MAC addresses.Â In my experience this can be inconvenient to manage (for example if a WiFi card is replaced, or if a friend comes to visit with his machine), but it does limit the options for attackers.

7. Similarly, with some routers you can assign IP addresses to specific MAC addresses, and use the firewall to block unknown IP clients.Â As above, this can be inconvenient to manage, but it does limit access.

Share this:

The other day at the IET Secure Mobile conference in London, Steve Babbage, Vodafoneâ€™s Group Chief Crypographer (great job title) gave the keynote, and I was fortunate to speak to him afterwards about his ideas. Â One interesting area was â€œsecurity through obscurityâ€, where he maintained that in some situations it makes sense to make an attackerâ€™s job as difficult as possible through the use of secret algorithms. Â I hope I can do the argument justice here.Â

The World has changed today, and generally governments do not try to interfere in the issues of what crypto gets used in commercial mobile networks.Â However, when GSM was born, 40bit encryption was a (rather weak) standard that governments agreed should be used. Â In this environment, Steve Babbage maintains, the cellcos would have been mad to release all the details of the algorithm to the public, since the added obscurity would make it even harder for an attacker to get a foothold. Â In the context of SIM attacks (being physically in contact with the SIM to decrypt it, Â a so-called â€œside-channel attackâ€), sometimes attackers can gain knowledge about the secret key by measuring the power usage of the chip under attack. Â On the other hand, if the algorithm is secret, then it is impossible for an attacker to map power fluctuations against a model, since all he has is a seemingly patternless output from an engine of unknown design.Â

The use of secret algorithms is generally thought of these days as a â€œbad thingâ€, since if the algorithm is openly published it means that academics and researchers can test the thing to death and publish vulnerabilities that they find. Â This should result in better algorithms and fewer defects in the long term. Â Babbage doesnâ€™t argue in favour of â€œcobbling something together in secretâ€, but rather he is saying that if you take a proven good thing like AES/Rijndael, and then add a further secret component to the algorithm, then the intellectual rigour is still there, with an added component to defeat foes. Â

What do you think about security via obscurity?

Share this:

I just stumbled across an interesting article about the use of VoIP in the battlefield. Looking at it from a security point-of-view, you can see that they have all the problems of civilian VoIP, but the consequences of failure could be much higher.

To take some examples: A successful denial-of-service attach could disable battlefield communication; Defeating the encryption system could result in eavesdropping, and the gathering of strategic intelligence; Failures in authentication could result in an enemy posing as your troops, inserting their own disinformation, or perhaps they could make accredited troops fail to attach to the voice network. Network hijacking could also be a problem, where they piggyback on your network to use its resources and equipment to pass their own data.

Certainly a lot of threats to counter. I’ve heard it said that military technology is 10 years ahead of civilian technology. I’m hoping that’s true in this case, and that there’s a lot of good stuff that we can benefit from in the next few years.

Share this:

According to news in PC Pro magazine, authorities in Switzerland have come up with an unorthodox plan to tackle call tapping of Skype and other VoIP users.Â VoIP calls can be end-to-end encrypted, which means that tapping on the Internet itself is often not practical.Â For example Skype use an undisclosed encryption algorithm and key exchange system.Â Phil Zimmermannâ€™s Zfone employs perfect secrecy so that the conversation cannot even be listened to later offline when the encryption key has been obtained.

So the Swiss plan?Â Tap the calls on the PC, by means of installing some kind of trojan to tap into the audio stream before it is encrypted.Â It would be installed either by the authorities or remotely by the ISP.

Now, this is a daft idea on so many different levels that itâ€™s hard to know where to begin.Â In an ordered society like Switzerland you could expect a high level of compliance with this kind of procedure.Â Unfortunately, the ones that wonâ€™t comply (for example malevolent hackers; gangsters; terrorists) are probably the ones that you are most interested in gathering intelligence about.Â Secondly, itâ€™s a gift for criminals, since if you leave a backdoor open, the PC already compromised, then someone will likely exploit this for criminal purposes.

With the right software in place, audio could be relayed in from elsewhere, allowing criminals to make calls â€œon your phoneâ€, possibly implicating you in a crime. Â Similarly, audio could be relayed out, so that those outside the government service could tap your phone, a boon to tabloid newspapers and blackmailers.

Finally, in a world of ever more mobile users, is this approach even practical?Â Mobile users with GPRS in their phone or PDA can connect to the Internet without even touching a Swiss ISP.Â Crime doesn’t necessarily stop at borders these days, couldn’t criminals just be in and out of the country before the G-Man sneaks some tapping software onto their laptop?

Share this:

Catching up on my reading, I see that Dr Dobb’s Journal honoured crypto guru Bruce Schneier in their April edition with an excellence in programming award.Â I’ve been a fan of DDJ since I first came across the magazine in the 1980’s, and (with my software developer hat on) once even had the thrill of contributing to DDJ.

Congratulations, Bruce, coming from one of theÂ World’sÂ top-rank developer publications, I think this is an accolade to really enjoy.Â